WP Resume Security & Risk Analysis

wordpress.org/plugins/wp-resume

Out-of-the-box solution to get your resume online. Built on WordPress's custom post types, it offers a uniquely familiar approach to publishing

100 active installs · v2.5.7 · PHP + WP 3.3+ · Updated Dec 28, 2014
Tags: education, experience, online-reputation, personal-branding, resume

Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Resume Safe to Use in 2026?

Generally Safe

Score 85/100

WP Resume has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The "wp-resume" plugin v2.5.7 presents a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and has no recorded historical vulnerabilities, suggesting a generally stable codebase. The plugin also implements a reasonable number of nonce and capability checks across its entry points.

However, the static analysis raises several concerns. The presence of the dangerous `create_function` function is a significant red flag, as it can lead to code injection vulnerabilities. Furthermore, an output-escaping rate of only 15% indicates that the majority of the plugin's output is not properly escaped, creating a risk of cross-site scripting (XSS) attacks. The single AJAX handler without authentication checks is a direct attack vector that could be reached by unauthenticated users. The taint analysis reveals one flow with high-severity unsanitized paths, which is a critical finding requiring immediate attention.

While the plugin's vulnerability history is clean, this can sometimes be misleading, especially if the plugin hasn't been extensively tested for certain vulnerability classes or if past issues were not publicly disclosed. The current analysis reveals specific, actionable risks that, despite the absence of CVEs, necessitate careful remediation to ensure user data and site integrity. The plugin's strengths lie in its SQL handling and lack of historical issues, but the identified code signals and taint flows point to areas of immediate concern.

Key Concerns

  • Unprotected AJAX handler
  • Dangerous function create_function used
  • High severity unsanitized path in taint analysis
  • Low output escaping (15% proper)
Vulnerabilities: None known

WP Resume Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Resume Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 71 (13 escaped)
Nonce Checks: 4
Capability Checks: 15
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

create_function: `$init = create_function( '', $code );` (includes\boilerplate-classes\debug.php:138)

SQL Query Safety

100% prepared (6 total queries)

Output Escaping

15% escaped (84 total outputs)
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
save_link_field (includes\admin.php:723)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface: 1 unprotected

WP Resume Attack Surface

Entry Points: 4
Unprotected: 1

AJAX Handlers (3)

  • [auth] wp_ajax_add_wp_resume_section (includes\admin.php:32)
  • [auth] wp_ajax_add_wp_resume_organization (includes\admin.php:33)
  • [auth] wp_ajax_wp_resume_hide_donate (includes\admin.php:34)

Shortcodes (1)

  • [wp_resume] (wp-resume.php:78)
WordPress Hooks (62)

  • action admin_menu (includes\admin.php:23)
  • action admin_init (includes\admin.php:24)
  • action 55 (includes\admin.php:25)
  • action admin_enqueue_scripts (includes\admin.php:26)
  • filter option_page_capability_wp_resume_options (includes\admin.php:27)
  • filter wp_resume_enqueue_js (includes\admin.php:28)
  • filter wp_resume_enqueue_css (includes\admin.php:29)
  • action save_post (includes\admin.php:37)
  • action wp_resume_organization_add_form_fields (includes\admin.php:40)
  • action wp_resume_organization_edit_form_fields (includes\admin.php:41)
  • action create_wp_resume_organization (includes\admin.php:42)
  • action edited_wp_resume_organization (includes\admin.php:43)
  • action plugins_loaded (includes\admin.php:46)
  • action wp_resume_section_add_form (includes\admin.php:61)
  • action wp_resume_section_edit_form (includes\admin.php:62)
  • action wp_resume_organization_add_form (includes\admin.php:63)
  • action wp_resume_organization_edit_form (includes\admin.php:64)
  • action init (includes\boilerplate-classes\capabilities.php:40)
  • action init (includes\boilerplate-classes\debug.php:23)
  • filter debug_bar_panels (includes\boilerplate-classes\debug.php:36)
  • filter debug_bar_panels (includes\boilerplate-classes\debug.php:37)
  • action admin_init (includes\boilerplate-classes\donate.php:29)
  • action admin_enqueue_scripts (includes\boilerplate-classes\enqueue.php:24)
  • action admin_enqueue_scripts (includes\boilerplate-classes\enqueue.php:25)
  • action wp_print_styles (includes\boilerplate-classes\enqueue.php:26)
  • action wp_enqueue_scripts (includes\boilerplate-classes\enqueue.php:27)
  • action admin_init (includes\boilerplate-classes\options.php:25)
  • action admin_init (includes\class.plugin-boilerplate.php:58)
  • action init (includes\class.plugin-boilerplate.php:61)
  • action plugins_loaded (includes\class.plugin-boilerplate.php:64)
  • action admin_notices (includes\class.plugin-boilerplate.php:170)
  • action parse_query (includes\plaintext.php:22)
  • filter wp_resume_plaintext_content (includes\plaintext.php:35)
  • filter wp_resume_plaintext_content (includes\plaintext.php:36)
  • filter wp_resume_plaintext_content (includes\plaintext.php:37)
  • filter wp_resume_plaintext_content (includes\plaintext.php:38)
  • filter wp_resume_plaintext_title (includes\plaintext.php:39)
  • filter wp_resume_plaintext_title (includes\plaintext.php:40)
  • filter wp_resume_plaintext_location (includes\plaintext.php:41)
  • filter wp_resume_plaintext_location (includes\plaintext.php:42)
  • filter wp_resume_plaintext_date (includes\plaintext.php:43)
  • filter wp_resume_plaintext_date (includes\plaintext.php:44)
  • filter wp_resume_plaintext_date (includes\plaintext.php:45)
  • action plugins_loaded (includes\templating.php:27)
  • filter wp_resume_date (includes\templating.php:39)
  • action init (wp-resume.php:66)
  • filter get_terms (wp-resume.php:67)
  • filter wp_resume_order (wp-resume.php:68)
  • action wp_print_styles (wp-resume.php:71)
  • filter wp_resume_enqueue_js (wp-resume.php:72)
  • action admin_bar_menu (wp-resume.php:75)
  • action template_redirect (wp-resume.php:81)
  • action init (wp-resume.php:82)
  • action post_type_link (wp-resume.php:83)
  • filter list_terms_exclusions (wp-resume.php:86)
  • action wp_resume_init (wp-resume.php:89)
  • filter wp_resume_load_deprecated (wp-resume.php:92)
  • filter get_terms (wp-resume.php:328)
  • filter wp_resume_enqueue_css (wp-resume.php:521)
  • filter post_class (wp-resume.php:524)
  • action wp_head (wp-resume.php:812)
  • filter wp_resume_sections (wp-resume.php:900)
Maintenance & Trust

WP Resume Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.6.1
Last updated: Dec 28, 2014
PHP min version:
Downloads: 46K

Community Trust

Rating: 46/100
Number of ratings: 6
Active installs: 100
Developer Profile

WP Resume Developer Profile

Ben Balter

7 plugins · 3K total installs

Trust score: 86
Avg Security Score: 89/100
Avg Patch Time: 13 days
Detection Fingerprints

How We Detect WP Resume

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-resume/css/wp-resume.css
/wp-content/plugins/wp-resume/js/wp-resume.js
Script Paths
/wp-content/plugins/wp-resume/js/wp-resume.js
Version Parameters
wp-resume/style.css?ver=
wp-resume/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-resume-title, wp-resume-summary, wp-resume-contact
Data Attributes
data-resume-id, data-section-id
JS Globals
WP_Resume, wp_resume_config
REST Endpoints
/wp-json/wp-resume/v1/positions
Shortcode Output
[wp_resume]
FAQ

Frequently Asked Questions about WP Resume